California's $3.5 million drug database 'bank vault' safe, says Brown

LOS ANGELES (Legal Newsline)--California will launch a massive online database of prescription drugs aimed at preventing "doctor shopping" and other abuses by both patients and doctors, Attorney General Jerry Brown announced Wednesday.

The $3.5 million project will be funded at least in part through private grants, most notably from the Pack Foundation, which will spearhead fund raising. Getting the database up and running will cost about $1.5 million and take about six months to build, founder Bob Pack said in a joint press conference with Brown in Los Angeles.

Pack's two children were killed by a woman high on prescription pain killers, he said. She had six prescriptions from six different doctors, and had obtained more than 300 pills in a matter of weeks, Pack said.

"They (doctors) said the did not have access to her records. They couldn't verify her injury. And they did not have any computer access to the patient's medical history," Pack told reporters.

"This woman was the ultimate doctor shopper. She is the prime example of what we're trying to prevent."

The underlying database already exists, though not in an easily portable and accessible form. The Department of Justice has maintained a database of dispensed prescription drugs since 1940, now stored in the state's Controlled Substance Utilization Review and Evaluation System or CURES, which contains 86 million schedule II, III and IV prescriptions given in California.

Examples of drugs that are tracked in the state's database include Morphine, Vicodin, Oxycodone, Codeine, amphetamine, and analogs of methadone and opium.

The project will bring information online and make it accessible to doctors, pharmacists and, in some cases, law enforcement.

"Every year thousands of doctors try to check their patient's prescription history information but California's current database is difficult to access," Brown said at a news conference. "If California puts this information online, with real-time access, it will give authorized doctors and pharmacies the technology they need to fight prescription drug abuse which is burdening our health care system."

Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, said the program needs to have "iron clad security" to prevent abuse of sensitive information stored in this database.

She urged the state to follow fair information practices, including limits on who can access the database and for what purposes. She also said individuals should be allowed to see their own records, much like a credit report. There should also be a log kept showing each time the database is looked at, and of who is looking, she said.

"When we access our credit report, we can see who has looked at our credit report," Givens said.

Givens also called for strong safeguards.

"The problem is real," she said in a phone interview. "Whenever there's a compilation of personal sensitive information, it's important that both strong privacy and security principals be adopted. I understand the societal benefits of keeping such a database, but there must be iron clad security."

The biggest threat, she said, is from those who have legitimate access.

"It's not inconceivable, even with tight security, that this database could be compromised," Givens said. "An awful lot of breaches are from illegitimate insider access. The insider access issue is the biggest potential point of compromise."

Brown and others promised the database would have "bank vault" security, and that information inside would be encrypted, so that even if hackers broke in, nothing would be readable.

Brown said the program's $3.5-million price tag will cover three years of operations, including $500,000 per year in maintenance and upgrades for software and equipment.

Brown said he'd go to the legislature and ask for money directly if needed.